The password for an Apple iDisk is sent via HTTPS/WebDAV. However, if you configure OSX with an iDisk password, the same password is copied to the Mail.app configuration (which might not have been previously configured). Clicking on a "mailto" link fires up Mail.app, which then connects to mac.com which *does not* support any method of encrypted password transmission. Net effect: your iDisk password is transmitted in the clear without your awareness, albeit as a mail password. Problems: - mac.com SMTP doesn't support encrypted passwords - mac.com's mail password is *always* identical to iDisk password - OSX's "do what I mean" friendliness saves passwords without knowledge -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
